给所有请求都加上jwt,隐藏生成jwt的secret(放到.env中),隐藏app-secret(放在pm2运行配置文件中,后续直接读取环境配置即可)

2025-10-17 15:28:22 +08:00
parent 9ec6d30573
commit 59706b70d0
70 changed files with 2279 additions and 688 deletions
+4 -3
@@ -75,7 +75,7 @@ export async function loader({ request }: LoaderFunctionArgs) {
const isPublicPath = publicPaths.some(path => pathname.startsWith(path));
// 获取用户会话(可能包含刷新后的token)
const { isAuthenticated, userRole, refreshedSession } = await getUserSession(request);
const { isAuthenticated, userRole, refreshedSession, frontendJWT } = await getUserSession(request);
// console.log("是否公开路径:", isPublicPath, "是否已认证:", isAuthenticated);
// 如果访问需要认证的路径但未登录,重定向到登录页
@@ -145,6 +145,7 @@ export async function loader({ request }: LoaderFunctionArgs) {
isAuthenticated,
userRole,
pathname,
frontendJWT,
ENV: {
NEXT_PUBLIC_API_URL: process.env.NEXT_PUBLIC_API_URL,
NEXT_PUBLIC_APP_ID: process.env.NEXT_PUBLIC_APP_ID,
@@ -182,7 +183,7 @@ export function links() {
}
export default function App() {
const { userRole, ENV } = useLoaderData<typeof loader>();
const { userRole, ENV, frontendJWT } = useLoaderData<typeof loader>();
return (
@@ -215,7 +216,7 @@ export default function App() {
<body className="font-sans">
<MessageModalProvider>
<ToastProvider>
<Layout userRole={userRole}>
<Layout userRole={userRole} frontendJWT={frontendJWT}>
<Outlet />
</Layout>
<RouteChangeLoader />
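Review bot: Returning `frontendJWT` from the root loader (the `frontendJWT,` line added next to `pathname,` in the second hunk) places the token in loader data that is serialized into every rendered document, so any script running on the page can read it, unlike an HttpOnly session cookie. If the client really needs the raw token to sign its requests, the return site should state the constraints, for example `// frontendJWT is serialized to the browser: keep it short-lived, scoped to API calls only, and never log it`, and the response that carries it should be sent with `Cache-Control: no-store`; whether that header is already set cannot be seen from these lines. It is also worth confirming that `getUserSession` yields no token when `isAuthenticated` is false, since this loader serves the public paths as well. Both `loader` and `App` continue outside the hunks shown, so the redirect and response-building code was not reviewed.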